<?php
require_once("page.class.php");

class user extends page{
	
	var $db;
	
	function user($get,$post){
		$action = isset($get["a"])?$get["a"]:$post["a"];
		$this->db = new db_functions();
		
		if(!$_COOKIE["ypu"]){
			
		}
		switch ($action){
			case "new":
				$this->newUser();
				break;
			case "addNewUser":
				$this->addNewUser();
				break;
			case "changePass":
				$this->changePass($post);
				break;
			default:
				break;
		}
	}
	function newUser(){
		$radnici = $this->db->select2("SELECT radnik_id, radnik_ime, radnik_prezime FROM radnici ORDER BY radnik_ime, radnik_prezime");
		foreach ($radnici as $r){
			$radnik_id[] = $r["radnik_id"];
			$radnik_ime[] = $r["radnik_ime"];
			$radnik_prezime[] = $r["radnik_prezime"];
		}
		$this->assign("radnik_id",$radnik_id);
		$this->assign("radnik_ime",$radnik_ime);
		$this->assign("radnik_prezime",$radnik_prezime);
		
		$groups = $this->db->select2("SELECT * FROM groups ORDER BY gname");
		foreach ($groups as $g){
			$gid[] = $g["gid"];
			$gname[] = $g["gname"];
		}
		$this->assign("group_id",$gid);
		$this->assign("group_name",$gname);
		
		echo $this->parseTemplate("user/new.tpl");
	}
	
	function addNewUser(){
		$radnik = getFromInput("radnik");
		$group	= getFromInput("group");
		$user	= getFromInput("user");
		$pass	= getFromInput("pass");
		
		if($radnik>0 && $group>0 && strlen($user)>0 && strlen($pass)>0){
		
			$radniciSaViseNaloga = array(
				69	// kancelarija
			);
			if (!in_array($radnik,$radniciSaViseNaloga)) {
				$q = "SELECT id FROM users WHERE radnik_id=$radnik";
				$radid = $this->db->getOne($q);
			}else{
				$radid=null;
			}
			
			if($radid===null){
				$q = "SELECT id FROM users WHERE username='$user' AND password=OLD_PASSWORD('$pass') LIMIT 1";
				$radid = $this->db->getOne($q);
				if($radid===null){
					$q = "INSERT INTO users(gid,radnik_id,username,password) VALUES("
						."$group,$radnik,'$user',OLD_PASSWORD('$pass')"
						.")";
					if($this->db->alterTable($q)){
						echo "Nalog uspešno kreiran.";
					}else{
						echo mysql_error();
					}
				}else{
					echo "Već postoji korisnički nalog sa unetim korisničkim imenom i šifrom.";
				}
			}else{
				echo "Radnik već ima korisnički nalog";
			}
		}else{
			echo "Morate popuniti sve podatke.";
		}
	}
	function changePass($post){
		$step = $post["s"];
		switch ($step){
			case 1:
				$old = $post["old"];
				$new = $post["new"];
				$user_id=$_COOKIE["ypu"];
				
				$code=0;
				$msg="Unknown error";
				
				$q = "SELECT id, username FROM users WHERE id=$user_id AND `password`=OLD_PASSWORD('$old') LIMIT 1";
				$res = $this->db->select2($q);
				if($res !== false){
					$res = $res[0];
					$username = $res["username"];
					
					$id = $this->db->getOne("SELECT id FROM users WHERE username='$username' AND `password`=PASSWORD('$new')");
					if($id==null){
						$q = "UPDATE users SET `password`=OLD_PASSWORD('$new') WHERE id=$user_id LIMIT 1";
						if($this->db->alterTable($q)){
							$code=1;
							$msg = "Lozinka je promenjena";
							//var_export($id,true);
						}else{
							$msg = mysql_error();
						}
					}else{
						if($id==$user_id){
							$msg = "Nova lozinka je ista kao stara.";
						}else{
							$msg = "Već postoji korisnik sa istim korisničkim imenom i šifrom.";
						}
					}
				}else{
					$msg = "Pogrešna stara lozinka!";
				}
				echo "$code{!}$msg";
				
				break;
			default:
				echo $this->parseTemplate("user/change_pass.tpl");
				break;
		}
	}
}
?>